14330 matches found
CVE-2021-47316
CVE-2021-47316 affects the Linux kernel NFSD: a NULL dereference in nfs3svc_encode_getaclres can occur in error paths when the dentry is NULL, prior to the patch 20798dfe249a. The issue is resolved by a fix in the kernel encoder, preventing the NULL dereference in error handling. Affected product...
CVE-2021-47322
CVE-2021-47322 affects the Linux kernel NFSv4 pnfs_mark_request_commit() when rescheduling a set of writes on the commit list after a failed pNFS attempt, causing an OOPS in O_DIRECT paths. The vulnerability is addressed by fixes in the kernel (as described in the CVE entry and linked references)...
CVE-2021-47502
The CVE-2021-47502 issue relates to the Linux kernel ASoC codecs for wcd934x where channel mapping was mishandled when adding channels to multiple dai channel lists. The root cause was that channels could be added to more than one dai channel list or deleted from a list when not present, risking ...
CVE-2022-48643
The CVE-2022-48643 issue in the Linux kernel concerns nf_tables counters underflow when nft_counters_enabled is decremented in the error path of nft_basechain_init during nf_tables_addchain(). Syzbot reported an underflow after adding a chain; the root cause was nf_tables_chain_destroy() decremen...
CVE-2022-48661
CVE-2022-48661 in the Linux kernel relates to the gpio: mockup code where, if software node creation fails, the locally allocated string array isn’t freed, causing a potential resource leakage. The available connected documentation confirms this root cause and states the vulnerability has been re...
CVE-2022-48764
CVE-2022-48764 concerns the Linux kernel KVM x86 CPUID handling. The provided documents consistently describe a memory-leak issue where the kernel did not free the kvm_cpuid_entry2 array after successful post-KVM_RUN KVM_SET_CPUID{,2} calls, potentially leaving an unreferenced 2048-byte object (e...
CVE-2022-48832
In CVE-2022-48832, the Linux kernel audit subsystem was fixed to prevent dereferencing the openat2 open_how.args in audit_match_perm(), which could cause an oops/page-fault. The root cause was unsafe access to syscall arguments when checking permissions, leading to potential instability. The reso...
CVE-2022-48867
CVE-2022-48867 affects the Linux kernel DMA engine for idxd. The issue is a use-after-free during driver unload: when descriptors are flushed as part of idxd_dmaengine_drv_remove() path, a not-present-page fault can occur if descriptors still in use are freed. The root cause is freeing descriptor...
CVE-2022-48869
CVE-2022-48869 concerns the Linux kernel gadgetfs USB driver. The issue arises from a race between gadgetfs_fill_super() (mount path) and gadgetfs_kill_sb() (unmount path), where the_device could be deallocated while gadgetfs_fill_super() still uses it, resulting in a use-after-free. The provided...
CVE-2022-48889
CVE-2022-48889 - Linux kernel ASoC: Intel sof-nau8825 alias overflow . The issue arises from the 20-character limit for a platform_device_id entry (including the trailing NUL). The sof_nau8825.c file exceeded this limit, causing a build error: illegal character encoding in string literal in MODUL...
CVE-2022-48952
CVE-2022-48952 affects the Linux kernel PCI mt7621 path. The issue was a missing sentinel in the soc_device_attribute array, causing an oops during soc_device_match(mt7621_pcie_quirks_match). The fix adds the required sentinel in the attribute table (commit 7c18b64bba3b) and updates mt7621 exposu...
CVE-2022-48963
CVE-2022-48963 refers to a Linux kernel flaw in net: wwan: iosm where a memory leak could occur if allocation of ipc_mux->ul_adb.pp_qlt in ipc_mux_init() fails, leaving ipc_mux unreleased. The CVE is documented as resolved in multiple vendor advisories; the NVD entry cites a CVSSv3.1 base scor...
CVE-2022-49004
CVE-2022-49004 (Linux kernel) affects riscv architectures. The EFI page table is initially copied from the kernel page table; with VMAP_STACK enabled, kernel stacks allocated in vmalloc may land on a new PGD, causing a trap when switching to the EFI page table and a kernel panic. The fix updates ...
CVE-2022-49047
CVE-2022-49047 corresponds to a Linux kernel UAF risk in ep93xx clock code (ep93xx_clk_register_gate()) that was addressed by a fix in arch/arm/mach-ep93xx/clock.c. The vulnerability manifested as a use-after-free (memory after it is freed) between IS_ERR(clk) handling and returning &psc->hw, ...
CVE-2022-49141
CVE-2022-49141 affects the Linux kernel net: dsa: felix path, where kzalloc() may return NULL and lead to a NULL pointer dereference. The connected docs confirm the issue and state that the fix checks the SGI to prevent dereferencing NULL. The reported CVSS indicates a local attack with low privi...
CVE-2022-49425
The CVE-2022-49425 entry concerns a Linux kernel f2fs bug where a stale list iterator could become a bogus pointer after a loop, leading to dereferencing cur->page and possibly loading an out-of-bounds/undefined value during a comparison to find a specific element. The vulnerability arises whe...
CVE-2022-49464
CVE-2022-49464 relates to a Linux kernel erofs tail pcluster handling bug: when ztailpacking is used, the second part of an uncompressed tail pcluster may not match rq->pageofs_out, causing a use-after-free in z_erofs_shifted_transform and potential memory access after free. A fix was implemen...
CVE-2022-49553
CVE-2022-49553 is resolved in the Linux kernel: the NTFS driver code path fs/ntfs3 now validates the NTFS BOOT sectors_per_clusters field. If the field is > 0x80, it is treated as a shift value and the driver ensures the shift value is not too large for the NTFS max cluster size (2 MB). If too...
CVE-2022-49558
CVE-2022-49558 affects the Linux kernel nf_tables/netfilter path. The issue is a double unregistration of hooks in netns path: __nft_release_hooks() unregisters hooks during pre_netns exit, and NETDEV_UNREGISTER triggers unregister again, leading to potential hook handling inconsistencies. The pr...
CVE-2022-49717
In CVE-2022-49717, the Linux kernel issue concerns irqchip/apple-aic: a refcount leak in build_fiq_affinity. The problem was that of_find_node_by_phandle() returns a node pointer with an incremented refcount, and the fix is to call of_node_put() when the node is no longer needed to avoid the leak...
CVE-2022-49831
The CVE relates to the Linux kernel btrfs zoned feature. The issue occurs during seeding on a zoned filesystem if each zoned device’s btrfs_zoned_device_info is not initialized, causing a NULL pointer dereference when mounting. Multiple sources confirm this vulnerability and its resolution in the...
CVE-2022-49877
CVE-2022-49877 concerns a Linux kernel vulnerability resolved by a change in the BPF sockmap code. The issue manifests as a warning from sk_stream_kill_queues concerning sk_forward_alloc during test_sockmap selftests. The root cause was a mistaken use of msg->sg.size to replace the tosend valu...
CVE-2022-49949
The CVE-2022-49949 issue affects the Linux kernel’s firmware_loader path and is resolved by fixing a memory leak during firmware upload. Specifically, an instance of struct fw_upload is allocated in firmware_upload_register() and must be freed in fw_dev_release(). The remedy introduces a dedicate...
CVE-2022-50048
In Linux kernels affected by CVE-2022-50048, the vulnerability is in netfilter nf_tables: if nft_expr_clone() fails, dst->ops is set before the module refcount is bumped, causing an underflow in nft_expr_destroy(). This is a kernel-level issue that can affect systems using nf_tables, and is de...
CVE-2022-50052
The CVE-2022-50052 issue affects the Linux kernel ASoC: Intel: avs component. It stems from using snprintf(), which returns the would-be-filled size on buffer overflow, creating a potential buffer overflow; the patch replaces snprintf() with scnprintf() to mitigate this. The vulnerability is trac...
CVE-2022-50121
CVE-2022-50121 affects the Linux kernel remoteproc code for k3-r5, where a missing of_node_put() in for_each_available_child_of_node() can leak a refcount when breaking early from the loop. The root cause is that each iteration decrements the previous node’s reference count without explicit relea...
CVE-2022-50144
CVE-2022-50144 relates to the Linux kernel SoundWire subsystem. The issue arises during bind/unbind of SoundWire drivers where the probe stores driver ops in a per-slave structure and a previously introduced probed/probe_complete state isn’t reset on removal, enabling risky callbacks after .remov...
CVE-2023-32810
The CVE-2023-32810 entry applies to the Bluetooth driver in MediaTek devices. The vulnerability is an out-of-bounds read caused by improper input validation in the Bluetooth driver, which can lead to local information leakage and potentially System-level execution privileges. Exploitation is desc...
CVE-2023-39176
CVE-2023-39176 concerns the ksmbd kernel module in Linux, where parsing of SMB2 transform-header requests allows reading past the end of an allocated buffer. This results in information disclosure on affected systems with ksmbd enabled. Public sources in the connected documents consistently descr...
CVE-2023-52668
CVE-2023-52668 concerns the Linux kernel, specifically the btrfs zoned code path. The issue arises from incorrect lock ordering in btrfs_zone_activate(), where fs_info->zone_active_bgs_lock is taken after a block_group lock in some code paths, creating a potential circular locking dependency. ...
CVE-2023-52895
CVE-2023-52895 concerns a race in the Linux kernel io_uring/poll for multishot requests. A prior commit fixed a poll race that applies only to multishot, where a spurious wakeup can be ignored since the waitqueue isn’t left. A blunt reissue of a multishot armed request could leak a buffer if prov...
CVE-2023-53240
The CVE-2023-53240 issue concerns the Linux kernel’s xsk path. If a napi id is marked on an interface not brought up, xsk_sendmsg /xsk_poll can call xsk_xmit(), which may dereference a NULL pointers to xs->dev when IFF_UP is not set, causing a kernel NULL pointer dereference. The fix restructu...
CVE-2024-38584
In CVE-2024-38584, the Linux kernel net: ti: icssg_prueth prueth_probe() dereferenced a NULL pointer when emac_phy_connect() failed and of_phy_connect() returned NULL, leading to NULL pointer dereference in phy_attached_info(). The public fix is to check the return code of emac_phy_connect and fa...
CVE-2024-40955
CVE-2024-40955 corresponds to a Linux kernel ext4 slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists, triggered by setting mb_group_prealloc to a very large value (2147483647) and performing specific mkfs/mount/write actions. The bug is in ext4’s block allocation logic (mb_alloc/mb_grou...
CVE-2024-42075
CVE-2024-42075 concerns the Linux kernel’s bpf arena logic, which failed to account for mremap, risking use-after-free in arena_vm_close. The vulnerability is addressed by adding a reference count for multiple mmap events to protect the arena during remapping. The connected documents indicate the...
CVE-2024-42254
CVE-2024-42254 affects the Linux kernel io_uring subsystem. The issue stems from inconsistent NULL vs IS_ERR error handling in io_alloc_pbuf_ring(), leading to a KASAN null pointer dereference in __io_remove_buffers and related cleanup paths (/io_uring/kbuf.c and io_uring.c). The vulnerability wa...
CVE-2024-43836
CVE-2024-43836 affects the Linux kernel net: ethtool pse-pd path. A null dereference can occur when a PSE supports both c33 and PoDL but only one Netlink attribute is provided; the vulnerability arises although the c33/PoDL capabilities are validated by ethnl_set_pse_validate(). The issue has bee...
CVE-2024-57878
CVE-2024-57878 (Linux kernel, arm64) : The vulnerability in ptrace NT_ARM_FPMR regset handling could leave the temporary fpmr uninitialized for zero-length writes, potentially leaking up to 64 bits of kernel-stack memory. The patch initializes the temporary value before copying the regset from us...
CVE-2024-57934
The CVE-2024-57934 entry concerns a race in Linux kernel fgraph handling where fgraph_array[] access can race with updates to a fgraph_stub, potentially triggering a NULL pointer dereference. The fixed patch adds READ_ONCE() protection when accessing fgraph_array[] to ensure consistency between t...
CVE-2024-58060
CVE-2024-58060 affects the Linux kernel BPF struct_ops path. The issue occurs when a struct_ops contains a struct module *owner and CONFIG_MODULES=n, causing incorrect refcounting because the module btf_id is missing, leading to a potential use-after-free in tcp_congestion_ops. The patch disables...
CVE-2025-21752
CVE-2025-21752 (Linux kernel, Btrfs) The issue arises when modifying keys in the RAID stripe-tree using btrfs_set_item_key_safe, which can lead to tree corruption. The root cause of the tree-order issue is not clearly detailed in the provided documents. A practical mitigation suggested in the sou...
CVE-2026-53176
CVE-2026-53176 affects the Linux kernel iSER (IB/isert) login handling in ib_isert.c. A remote iSER initiator could send a login PDU shorter than ISER_HEADERS_LEN (76), causing an integer underflow in isert_login_recv_done() when computing login_req_len, leading to a negative length used in a mem...
CVE-2001-0316
CVE-2001-0316 affects Linux kernels 2.2 and 2.4 where sysctl can be invoked with a negative length, allowing unprivileged local users to read kernel memory and potentially obtain root privileges. Mitigation in the public records points to upgrading to kernel 2.2.19 or later (and vendor advisories...
CVE-2001-1391
CVE-2001-1391 is an off-by-one vulnerability in the CPIA driver of the Linux kernel prior to 2.2.19 that allows a local user to write into kernel memory. The issue is documented in multiple advisories (Mandrake MDKSA-2001:037, Debian DSA-047-1) and is described as a problem in the CPIA driver’s b...
CVE-2004-1144
Summary: CVE-2004-1144: A local privilege escalation in the Linux 2.4 AMD64 32‑bit emulation code was identified (Petr Vandrovec). The issue affects the AMD64 path in the 2.4 kernel, allowing a local attacker to gain privileges. Affected context (from connected sources): Red Hat and SUSE advisori...
CVE-2005-2873
Technical details for CVE-2005-2873 are not provided in the connected documents. Available sources reference related CVEs and kernel updates but do not specify affected product/version, root cause, or remediation for this CVE.
CVE-2006-7051
The CVE-2006-7051 vulnerability concerns the Linux kernel 2.6.x, specifically the sys_timer_create function in posix-timers.c. Local users can create a large number of posix timers, which are allocated in kernel memory but not counted as part of the process’s memory, leading to memory exhaustion ...
CVE-2013-1956
The CVE-2013-1956 issue affects the Linux kernel prior to 3.8.6, where create_user_ns in kernel/user_namespace.c may bypass filesystem restrictions by not verifying that a chroot directory differs from the namespace root during a crafted clone system call. This violation could allow local users t...
CVE-2014-2739
The CVE-2014-2739 issue affects Linux kernel 3.14.x–3.14.1, specifically the cma_req_handler in drivers/infiniband/core/cma.c. The root cause is an incorrect pointer dereference when resolving a RoCE address already resolved in a different module, which can lead to a denial of service via crafted...
CVE-2015-4176
CVE-2015-4176 affects the Linux kernel up to 4.0.2, where fs/namespace.c mishandles mount connectivity in the context of user namespaces. This allows a local attacker to read arbitrary files by leveraging user-namespace root access during deletion of a file or directory. The vulnerability is docu...